Vulnerabilities

A Vulnerability is a state in a computing system (or set of systems) which either (a) allows an attacker to execute commands as another user, (b) allows an attacker to access data that is contrary to the specified access restrictions for that data, (c) allows an attacker to pose as another entity, or (d) allows an attacker to conduct a denial of service.

Adobe Flash Player is prone to an unspecified heap-based buffer-overflow vulnerability. Attackers can exploit this issue to execute arbitrary code within the context of the application; this can result in the attacker gaining complete control of the affected system. Failed exploit attempts will likely cause a denial-of-service condition.

Technologies Affected

Adobe Flash Player 11

Adobe Flash Player 11.0.1.129

Adobe Flash Player 11.0.1.152

Adobe Flash Player 11.0.1.153

Adobe Flash Player 11.0.1.60

Adobe Flash Player 11.0.1.98

Adobe Flash Player 11.1

Adobe Flash Player 11.1.102.228

Adobe Flash Player 11.1.102.55

Adobe Flash Player 11.1.102.59

Adobe Flash Player 11.1.102.62

Adobe Flash Player 11.1.102.63

Adobe Flash Player 11.1.111.10

Adobe Flash Player 11.1.111.44

Adobe Flash Player 11.1.111.5

Adobe Flash Player 11.1.111.50

Adobe Flash Player 11.1.111.54

Adobe Flash Player 11.1.111.6

Adobe Flash Player 11.1.111.64

Adobe Flash Player 11.1.111.7

Adobe Flash Player 11.1.111.73

Adobe Flash Player 11.1.111.8

Adobe Flash Player 11.1.111.9

Adobe Flash Player 11.1.112.61

Adobe Flash Player 11.1.115.11

Adobe Flash Player 11.1.115.34

Adobe Flash Player 11.1.115.48

Adobe Flash Player 11.1.115.54

Adobe Flash Player 11.1.115.58

Adobe Flash Player 11.1.115.59

Adobe Flash Player 11.1.115.6

Adobe Flash Player 11.1.115.63

Adobe Flash Player 11.1.115.69

Adobe Flash Player 11.1.115.7

Adobe Flash Player 11.1.115.8

Adobe Flash Player 11.1.115.81

Adobe Flash Player 11.2.202 236

Adobe Flash Player 11.2.202 238

Adobe Flash Player 11.2.202.160

Adobe Flash Player 11.2.202.197

Adobe Flash Player 11.2.202.221

Adobe Flash Player 11.2.202.223

Adobe Flash Player 11.2.202.228

Adobe Flash Player 11.2.202.229

Adobe Flash Player 11.2.202.233

Adobe Flash Player 11.2.202.235

Adobe Flash Player 11.2.202.236

Adobe Flash Player 11.2.202.238

Adobe Flash Player 11.2.202.243

Adobe Flash Player 11.2.202.251

Adobe Flash Player 11.2.202.258

Adobe Flash Player 11.2.202.261

Adobe Flash Player 11.2.202.262

Adobe Flash Player 11.2.202.270

Adobe Flash Player 11.2.202.273

Adobe Flash Player 11.2.202.275

Adobe Flash Player 11.2.202.280

Adobe Flash Player 11.2.202.285

Adobe Flash Player 11.2.202.291

Adobe Flash Player 11.2.202.297

Adobe Flash Player 11.2.202.310

Adobe Flash Player 11.2.202.327

Adobe Flash Player 11.2.202.332

Adobe Flash Player 11.2.202.335

Adobe Flash Player 11.2.202.336

Adobe Flash Player 11.2.202.341

Adobe Flash Player 11.2.202.346

Adobe Flash Player 11.2.202.350

Adobe Flash Player 11.2.202.356

Adobe Flash Player 11.2.202.359

Adobe Flash Player 11.2.202.378

Adobe Flash Player 11.2.202.394

Adobe Flash Player 11.2.202.400

Adobe Flash Player 11.2.202.406

Adobe Flash Player 11.2.202.411

Adobe Flash Player 11.2.202.418

Adobe Flash Player 11.2.202.424

Adobe Flash Player 11.2.202.425

Adobe Flash Player 11.2.202.429

Adobe Flash Player 11.2.202.438

Adobe Flash Player 11.2.202.440

Adobe Flash Player 11.2.202.442

Adobe Flash Player 11.2.202.451

Adobe Flash Player 11.2.202.457

Adobe Flash Player 11.2.202.460

Adobe Flash Player 11.2.202.466

Adobe Flash Player 11.2.202.95

Adobe Flash Player 11.3.300.214

Adobe Flash Player 11.3.300.231

Adobe Flash Player 11.3.300.250

Adobe Flash Player 11.3.300.257

Adobe Flash Player 11.3.300.262

Adobe Flash Player 11.3.300.265

Adobe Flash Player 11.3.300.268

Adobe Flash Player 11.3.300.270

Adobe Flash Player 11.3.300.271

Adobe Flash Player 11.3.300.273

Adobe Flash Player 11.3.31.230

Adobe Flash Player 11.3.378.5

Adobe Flash Player 11.4.400.231

Adobe Flash Player 11.4.402.265

Adobe Flash Player 11.4.402.278

Adobe Flash Player 11.4.402.287

Adobe Flash Player 11.5.500.80

Adobe Flash Player 11.5.502.110

Adobe Flash Player 11.5.502.118

Adobe Flash Player 11.5.502.124

Adobe Flash Player 11.5.502.131

Adobe Flash Player 11.5.502.135

Adobe Flash Player 11.5.502.136

Adobe Flash Player 11.5.502.146

Adobe Flash Player 11.5.502.149

Adobe Flash Player 11.6.602.105

Adobe Flash Player 11.6.602.167

Adobe Flash Player 11.6.602.168

Adobe Flash Player 11.6.602.171

Adobe Flash Player 11.6.602.180

Adobe Flash Player 11.7.700.169

Adobe Flash Player 11.7.700.202

Adobe Flash Player 11.7.700.203

Adobe Flash Player 11.7.700.225

Adobe Flash Player 11.7.700.232

Adobe Flash Player 11.7.700.242

Adobe Flash Player 11.7.700.252

Adobe Flash Player 11.7.700.257

Adobe Flash Player 11.7.700.260

Adobe Flash Player 11.7.700.261

Adobe Flash Player 11.7.700.269

Adobe Flash Player 11.7.700.272

Adobe Flash Player 11.7.700.275

Adobe Flash Player 11.7.700.279

Adobe Flash Player 11.8.800.168

Adobe Flash Player 11.8.800.170

Adobe Flash Player 11.8.800.94

Adobe Flash Player 11.8.800.97

Adobe Flash Player 11.9.900.117

Adobe Flash Player 11.9.900.152

Adobe Flash Player 11.9.900.170

Adobe Flash Player 13.0.0.182

Adobe Flash Player 13.0.0.201

Adobe Flash Player 13.0.0.206

Adobe Flash Player 13.0.0.214

Adobe Flash Player 13.0.0.223

Adobe Flash Player 13.0.0.231

Adobe Flash Player 13.0.0.241

Adobe Flash Player 13.0.0.244

Adobe Flash Player 13.0.0.250

Adobe Flash Player 13.0.0.252

Adobe Flash Player 13.0.0.258

Adobe Flash Player 13.0.0.259

Adobe Flash Player 13.0.0.260

Adobe Flash Player 13.0.0.262

Adobe Flash Player 13.0.0.264

Adobe Flash Player 13.0.0.269

Adobe Flash Player 13.0.0.277

Adobe Flash Player 13.0.0.281

Adobe Flash Player 13.0.0.289

Adobe Flash Player 13.0.0.292

Adobe Flash Player 14.0.0.125

Adobe Flash Player 14.0.0.145

Adobe Flash Player 14.0.0.176

Adobe Flash Player 14.0.0.177

Adobe Flash Player 14.0.0.179

Adobe Flash Player 15.0.0.152

Adobe Flash Player 15.0.0.189

Adobe Flash Player 15.0.0.223

Adobe Flash Player 15.0.0.239

Adobe Flash Player 15.0.0.242

Adobe Flash Player 15.0.0.246

Adobe Flash Player 16.0.0.234

Adobe Flash Player 16.0.0.235

Adobe Flash Player 16.0.0.257

Adobe Flash Player 16.0.0.287

Adobe Flash Player 16.0.0.291

Adobe Flash Player 16.0.0.296

Adobe Flash Player 16.0.0.305

Adobe Flash Player 17.0.0.134

Adobe Flash Player 17.0.0.169

Adobe Flash Player 17.0.0.188

Adobe Flash Player 18.0.0.143

Adobe Flash Player 18.0.0.160

Adobe Flash Player 18.0.0.161

HP Insight Orchestration 6.0

HP Insight Orchestration 6.1

HP Insight Orchestration 6.2

HP System Management Homepage 2.0.0

HP System Management Homepage 2.0.1

HP System Management Homepage 2.0.2

HP System Management Homepage 2.1.0

HP System Management Homepage 2.1.1

HP System Management Homepage 2.1.10

HP System Management Homepage 2.1.11

HP System Management Homepage 2.1.12

HP System Management Homepage 2.1.15

HP System Management Homepage 2.1.2

HP System Management Homepage 2.1.3

HP System Management Homepage 2.1.4

HP System Management Homepage 2.1.5

HP System Management Homepage 2.1.6

HP System Management Homepage 2.1.7

HP System Management Homepage 2.1.8

HP System Management Homepage 2.1.9

HP System Management Homepage 2.2.6

HP System Management Homepage 2.2.8

HP System Management Homepage 2.2.9.1

HP System Management Homepage 3.0.0.64

HP System Management Homepage 3.0.0.68

HP System Management Homepage 3.0.1

HP System Management Homepage 3.0.2.77

HP System Management Homepage 3.2.2

HP System Management Homepage 3.2.7

HP System Management Homepage 6.0

HP System Management Homepage 6.2

HP System Management Homepage 6.2.0

HP System Management Homepage 6.2.2.7

HP System Management Homepage 6.3

HP System Management Homepage 6.3.0

HP System Management Homepage 7.0

HP System Management Homepage 7.1

HP System Management Homepage 7.1.1

HP System Management Homepage 7.1.2

HP System Management Homepage 7.2

HP System Management Homepage 7.2.0

HP System Management Homepage 7.2.1

HP System Management Homepage 7.2.2

HP System Management Homepage 7.2.3

HP System Management Homepage 7.2.4.1

HP System Management Homepage 7.3

HP System Management Homepage 7.3.1

HP System Management Homepage 7.3.2

HP System Management Homepage 7.3.3.1

HP System Management Homepage 7.4

HP Systems Insight Manager 4.2

HP Systems Insight Manager 5.0

HP Systems Insight Manager 5.3

HP Systems Insight Manager 6.0

HP Systems Insight Manager 6.1

HP Systems Insight Manager 6.2

HP Systems Insight Manager 6.3

HP Systems Insight Manager 7.0

HP Systems Insight Manager 7.1.1

HP Systems Insight Manager 7.2

HP Systems Insight Manager 7.2.1

HP Systems Insight Manager 7.2.2

HP Systems Insight Manager 7.3

HP Systems Insight Manager 7.3.1

HP Systems Insight Manager 7.3.2

HP Systems Insight Manager 7.4

HP Version Control Agent 2.1.5

HP Version Control Agent 7.2.0

HP Version Control Agent 7.2.1

HP Version Control Agent 7.2.2

HP Version Control Agent 7.3.0

HP Version Control Agent 7.3.1

HP Version Control Agent 7.3.2

HP Version Control Agent 7.3.3

HP Version Control Agent 7.3.4

HP Version Control Agent 7.3.5

HP Version Control Repository Manager 7.2.0

HP Version Control Repository Manager 7.2.1

HP Version Control Repository Manager 7.2.2

HP Version Control Repository Manager 7.3.0

HP Version Control Repository Manager 7.3.1

HP Version Control Repository Manager 7.3.2

HP Version Control Repository Manager 7.3.3

HP Version Control Repository Manager 7.3.4

HP Version Control Repository Manager 7.4.0

HP Version Control Repository Manager 7.4.0a

HP Version Control Repository Manager 7.4.1

HP Virtual Connect Enterprise Manager 6.0

HP Virtual Connect Enterprise Manager 6.1

HP Virtual Connect Enterprise Manager 6.2

HP iMC PLAT 7.0

HP iMC PLAT 7.1 E0303P06

HP iMC SHM

Microsoft Internet Explorer 10

Microsoft Internet Explorer 11

Red Hat Enterprise Linux Desktop Supplementary 5 Client

Red Hat Enterprise Linux Desktop Supplementary 6

Red Hat Enterprise Linux Server Supplementary 6

Red Hat Enterprise Linux Supplementary 5 Server

Red Hat Enterprise Linux Workstation Supplementary 6

SuSE openSUSE Evergreen 11.4

Recommendations

Run all software as a nonprivileged user with minimal access rights.

To reduce the impact of latent vulnerabilities, run the application with the minimal amount of privileges required for functionality.

Deploy NIDS to monitor network traffic for signs of anomalous or suspicious activity including unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.

Do not accept or execute files from untrusted or unknown sources.

To reduce the likelihood of successful exploits, never handle files that originate from unfamiliar or untrusted sources.

Do not follow links provided by unknown or untrusted sources.

To reduce the likelihood of attacks, never visit sites of questionable integrity or follow links provided by unfamiliar or untrusted sources.

Implement multiple redundant layers of security.

Various memory-protection schemes (such as nonexecutable and randomly mapped memory segments) may hinder an attacker's ability to exploit this vulnerability to execute arbitrary code.

Updates are available. Please see the references or vendor advisory for more information.

Copyright (c) 2009 Symantec Corporation

Permission to redistribute this alert electronically is granted as long as it is not edited in any way unless authorized by Symantec Security Response. Reprinting the whole or part of this alert in any medium other than electronically requires permission from secure@symantec.com.

Disclaimer

The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.

Symantec, Symantec products, Symantec Security Response, and secure@symantec.com are registered trademarks of Symantec Corp. and/or affiliated companies in the United States and other countries. All other registered and unregistered trademarks represented in this document are the sole property of their respective companies/owners.